
Safe memory scanning

A memory scanning technology, applied in the field of computer system protection. It addresses the following problems: the operating system crashing on purpose, user mode code typically not having direct access to kernel mode code, and restricted access to computer system resources and hardware. The effect is safe scanning.

Active Publication Date: 2007-05-08
CA TECH INC
6 Cites, 47 Cited by

AI Technical Summary

Benefits of technology

[0012] In accordance with one embodiment of the invention, a method for safely scanning the memory of computer systems for viruses, such as kernel mode driver viruses, is described. In one embodiment, the method prevents drivers loaded in the memory of a computer system from being unloaded during scanning for the viruses, and then permits the unload of the drivers after scanning is complete.

Problems solved by technology

User mode code typically does not have direct access to kernel mode code and has restricted access to computer system resources and hardware.
In the user address space, if a user mode application attempts a read access to an invalid page of memory, an exception, e.g., a page fault, is generated by the operating system.
However, in the kernel address space, exception handlers are not used to handle exceptions, such as page faults.
Consequently, if a kernel mode application or driver attempts a read access to an invalid page of memory, an exception is generated by the operating system, and the operating system crashes on purpose.


Embodiment Construction

[0024] Embodiments in accordance with the invention are described herein with reference to implementation on computer systems utilizing Windows® NT and Windows® 2000 operating systems. However, the invention is applicable to other operating systems having similar memory space functionalities, such as Windows® XP, Windows® XP 64-bit editions, and other operating systems utilizing the Windows® NT kernel base.

[0025] FIG. 1 is a diagram of a system that includes a kernel mode memory scanning driver 106 executing on a computer system 102A, according to one embodiment of the invention. Computer system 102A can be a stand-alone system, such as a personal computer or workstation, as illustrated schematically in FIG. 1 by computer system 102A. Computer system 102A can also be part of a client-server configuration 100 that is also illustrated in FIG. 1 in which computer system 102A interacts with a server system 130 via a network 126, such as the Internet.

[0026] Kernel mode memory scanning drive...


Abstract

A kernel mode memory scanning driver for use in safely scanning loaded drivers in the memory of computer systems utilizing Windows® NT based operating systems, such as Windows® 2000, Windows® XP, and other operating systems utilizing the Windows® NT kernel base, for viruses. Prior to scanning the loaded drivers for viruses, the kernel mode memory scanning driver hooks a driver unload function of the operating system, and stalls any calls to the driver unload function to prevent the loaded drivers from being unloaded during scanning. After scanning is complete, any stalled calls to the driver unload function are released. In one embodiment, the kernel mode memory scanning driver is implemented as a Windows® NT 4.0 kernel mode memory scanning driver, and thus can be used on computer systems utilizing Windows® 2000 or Windows® NT without platform specific code.
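The stall-and-release behaviour described in the abstract, as an added user-space model (not code from the patent or from any real driver). All type and function names are hypothetical, and the driver list is constructed sample data; an unmapped image stands in for the invalid kernel-mode read that would crash the system.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a loaded driver; not a real kernel structure. */
typedef struct { const char *name; bool mapped; bool unload_pending; } drv_t;
typedef struct { drv_t drv[4]; size_t count; bool scanning; } sim_t;

/* Stand-in for the hooked unload function: stall the call while a scan runs. */
bool unload_driver(sim_t *s, size_t i) {
    if (i >= s->count || !s->drv[i].mapped) return false;
    if (s->scanning) { s->drv[i].unload_pending = true; return false; }
    s->drv[i].mapped = false;   /* image is gone; its pages are now invalid */
    return true;
}

/* Scanning an unmapped image models the invalid kernel-mode read. */
bool scan_one(const sim_t *s, size_t i) { return i < s->count && s->drv[i].mapped; }

/* End of scan: release every stalled unload call; returns how many ran. */
size_t scan_end(sim_t *s) {
    size_t released = 0;
    s->scanning = false;
    for (size_t i = 0; i < s->count; i++)
        if (s->drv[i].unload_pending) {
            s->drv[i].unload_pending = false;
            if (unload_driver(s, i)) released++;
        }
    return released;
}

/* Scan every driver while an unload of `target` arrives mid-scan; count unsafe reads. */
int run_scan(sim_t *s, bool use_gate, size_t target) {
    int unsafe = 0;
    s->scanning = use_gate;     /* with the gate, unload calls are stalled */
    for (size_t i = 0; i < s->count; i++) {
        if (i == target) unload_driver(s, i);
        if (!scan_one(s, i)) unsafe++;
    }
    scan_end(s);
    return unsafe;
}

int main(void) {
    sim_t a = { { {"a.sys", true, false}, {"b.sys", true, false}, {"c.sys", true, false} }, 3, false };
    sim_t b = a;
    int without = run_scan(&a, false, 1), with = run_scan(&b, true, 1);
    printf("unsafe reads without gate: %d, with gate: %d\n", without, with);
    return 0;
}
```

In both runs the driver ends up unloaded; the gate only changes when the unload takes effect relative to the scan.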

Description

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to the protection of computer systems. More particularly, the present invention relates to a method for scanning the memory of a computer system for viruses.

[0003] 2. Description of the Related Art

[0004] Windows® NT and Windows® 2000 are 32-bit operating systems widely used on home and business computer systems. As such, virus writers are continually working to develop viruses that can attack and exploit these operating systems.

[0005] Windows® NT and Windows® 2000 provide page-based virtual memory management schemes that permit programs to realize a 4 GB (gigabyte) virtual memory address space. When the computer system processor is running in virtual memory mode, all addresses are assumed to be virtual addresses and are translated, or mapped, to physical addresses in main memory each time the processor executes a new instruction to access memory.

[0006] Conventionally, the 4 GB virtual memory ad...


Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04L9/00, G06F21/00
CPC: G06F21/564
Inventor: SZOR, PETER
Owner: CA TECH INC